Privacy policy

Pastry Skincare (PTY) LTD respects your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit pastryskincare.co.za, place an order, sign up for our newsletter, or interact with us in any other way.

This policy is issued in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA").

Who we are

Pastry Skincare (PTY) LTD is the Responsible Party as defined in POPIA. You can reach us at:

128 Leslie Avenue, Sandton 2191
Email: customer@pastryskincare.co.za
Phone: +27 10 596 1470

Information Officer: details of our designated Information Officer can be requested by emailing customer@pastryskincare.co.za with the subject line "Information Officer enquiry."

Personal information we collect

We collect the following categories of personal information when you interact with us:

  • Identity and contact: name, email, phone number, delivery address, billing address
  • Account: login credentials, order history, saved preferences, wish-lists
  • Payment: payment card details (handled directly by our payment processor — we do not store card numbers)
  • Order and transactional: products purchased, order value, delivery status, returns history, communication records
  • Skin and product preferences: if you complete our skin quiz, sign up for personalised recommendations, or share concerns with us in customer support
  • Marketing preferences: consent status for email, SMS, and WhatsApp marketing
  • Technical and behavioural: IP address, browser type, device type, pages viewed, referring URL, time spent, interactions with our site (collected via cookies and analytics — see Cookies section)
  • User-generated content: reviews, photos, and testimonials you choose to share

Special personal information

Skin concern data and any health-related information you share (for example, in our skin quiz, customer support, or product reviews) is treated as special personal information under POPIA. We process this only with your express consent and only to recommend suitable products or assist with adverse-reaction queries.

How we collect personal information

We collect information directly from you when you create an account, place an order, contact us, sign up for marketing, leave a review, or interact with our website. We also collect technical information automatically through cookies and analytics tools when you visit our site.

We may receive limited information from third parties such as payment processors (transaction confirmations) and our authorised stockist BeautyOnTApp (when you purchase Pastry products in their stores and consent to share your details with us).

Why we use your personal information (lawful basis)

We process your personal information on the following lawful grounds under POPIA:

  • Contract: to fulfil your order, deliver products, process payments, and provide customer support
  • Consent: to send you marketing emails, SMS, or WhatsApp messages, and to process special personal information such as skin concerns
  • Legitimate interest: to operate, secure, and improve our website, prevent fraud, analyse aggregated trends, and personalise your experience
  • Legal obligation: to comply with tax, accounting, regulatory, and consumer-protection law

Who we share your information with

We share your personal information only as needed to operate our business, and only with parties bound by appropriate confidentiality and data-protection obligations:

  • E-commerce platform: Shopify Inc. — hosting, checkout, order management
  • Payment processors: for card and EFT transactions
  • Couriers and logistics: for order fulfilment and delivery, including our authorised stockist BeautyOnTApp's delivery network
  • Marketing tools: Klaviyo (email, SMS), Meta Pixel, Google Ads, TikTok Pixel — for advertising, analytics, and customer communications, where you have consented
  • Reviews: Judge.me — to collect and display your product reviews where you have submitted them
  • Authorised stockist: BeautyOnTApp, where shared inventory or fulfilment is required
  • Professional advisors: auditors, lawyers, and accountants under confidentiality
  • Authorities: where required by law (SARS, courts, regulators)

We do not sell your personal information.

International transfers

Some of our service providers (Shopify, Klaviyo, Meta, Google) operate from outside South Africa, including the United States and European Union. Where personal information is transferred outside South Africa, we require equivalent levels of protection through contractual safeguards and reliance on the recipient's adequate data-protection regime, in line with POPIA Section 72.

How long we keep your information

We keep personal information only as long as necessary for the purpose collected:

  • Order and transactional records: 7 years (to comply with SARS and accounting obligations)
  • Account data: for as long as your account is active, plus 3 years after closure
  • Marketing data: until you opt out, plus a short period to honour your unsubscribe
  • Skin and reaction queries: 5 years after resolution, for product-safety records
  • Website analytics: aggregated and de-identified after 26 months

Your rights under POPIA

You have the right to:

  • Access the personal information we hold about you
  • Correct or update inaccurate or outdated information
  • Request deletion of your information (subject to lawful retention obligations)
  • Object to processing for direct marketing
  • Withdraw your consent at any time, where consent is the lawful basis
  • Lodge a complaint with the Information Regulator (South Africa)

To exercise any of these rights, email customer@pastryskincare.co.za with the subject line "POPIA request." We respond within 30 days.

Information Regulator (South Africa):
JD House, 27 Stiemens Street, Braamfontein, Johannesburg 2001
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za

Cookies and tracking

We use cookies and similar technologies to operate our website, remember your preferences, analyse traffic, and personalise marketing. The categories of cookies we use are:

  • Essential: required for the site to function (cart, checkout, login)
  • Analytics: to understand site usage (Google Analytics, Shopify Analytics)
  • Marketing: to deliver relevant advertising on Meta, Google, and TikTok
  • Personalisation: to remember preferences and recommend products

You can manage non-essential cookies via the consent banner on first visit, or by adjusting your browser settings. Declining cookies may limit some site features.

Children

Our website and products are intended for use by individuals 18 years or older. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe we have collected information from a minor, please contact us and we will delete it.

Security

We take reasonable technical and organisational measures to safeguard your personal information against loss, unauthorised access, and misuse, including encrypted connections (HTTPS), access controls, and regular security reviews. No system is fully secure and we cannot guarantee absolute security.

Updates to this policy

We may update this Privacy Policy from time to time. The "Last updated" date below indicates the latest revision. Material changes will be communicated via email or prominently on our website.

Last updated: 1 May 2026